The RVAs revealed that phishing links were the most successful technique for initial access. They were designed to assess the ability of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders to identify and resolve network vulnerabilities. CISA conducted 37 RVAs, using the MITRE ATT&CK framework to better identify risks and help organizations address vulnerabilities that threat actors could use in live attacks to breach network security controls. CISA defined a six-step attack model in a report released last week, covering initial access, command and control (C&C), lateral movement, privilege escalation, collection, and exfiltration. These phases are loosely based on threat actors' ATT&CK tactics. "Not all attack vectors follow this model, and this approach does not cover all potential steps taken by malicious actors. These phases, on the other hand, serve to highlight some of the more successful attack techniques used during RVAs, as well as the impact these strategies have had on a target network," according to CISA. In its analysis, CISA found that phishing links were used successfully for initial access in 49 percent of attacks, web protocols were used for command and control in 42 percent of RVAs, and pass the hash was used for lateral movement in around 30% of attacks (followed by RDP in 25 percent of incidents). Valid accounts were used for privilege escalation in 37.5 percent of "attacks." Data was mostly collected from local systems (32% of attacks) and exfiltrated via the C&C channel (in 68 percent of cases).
Phishing links, exploitation of web-facing applications, credential dumping, account discovery, WMI, Mshta, and the use of archives for data exfiltration were all successful in numerous cases. The FY20 RVA report from CISA also includes recommendations for improving overall security posture, such as application whitelisting, disabling macros, identifying and addressing vulnerabilities in public-facing and internal applications, implementing strong email security, reviewing user and application privilege levels, using proxies, monitoring network traffic, and blocking phishing attacks. "Several high-level findings were identified after conducting trend analysis on the 37 RVA reports completed by CISA. Phishing and the use of default credentials were still viable methods of attack. This demonstrates that the methods used to breach many of our infrastructures have remained largely the same over time. As a result, network defenders must focus their efforts on deploying the plethora of known-to-be-effective mitigation measures," according to CISA.
CISA Published the Results of the Risk and Vulnerability Assessments Conducted in Fiscal Year 2020